#+title: Password Security in Emacs Terminal Emulators
#+author: Robert McIntyre
#+email: rlm@mit.edu
#+description: emacs terminal password security
#+keywords: emacs, password, security, term
#+SETUPFILE: ../../aurellem/org/setup.org
#+INCLUDE: ../../aurellem/org/level-0.org
#+babel: :mkdirp yes :noweb yes :exports both

I use emacs for everything -- email, programming, document
preparation, planning... You name it, I do it! One thing I use emacs
for is terminal emulation, where you create a buffer in emacs in which
you can enter commands as if the buffer were a terminal. Good terminal
emulation packages for emacs include =multi-term= and =term=.

* Watch Out for =view-lossage=!
However, if you are going to use terminal emulation in emacs, you have
to be careful around "sudo" prompts, and when logging into other
servers using ssh, because /the last 300 keystrokes you have typed in
emacs are available/ using =C-h l=, a help function in emacs which
displays the last keypresses you have typed.

#+begin_example
C-h l runs the command view-lossage, which is an interactive compiled
Lisp function in `help.el'.

It is bound to C-h l, <help> l.

(view-lossage)

Display last 300 input keystrokes.
#+end_example

Let's say my password is "sup3r-seekrit#7".

I open an emacs terminal using =M-x multi-term=, then do the following:

#+begin_example
[~] $ ssh rlm@linerva.mit.edu
Password:

Welcome to Linerva, the SIPB Linux dialup for MIT.
Linerva runs Debathena on Debian squeeze.
http://linerva.mit.edu for more information
blanche linerva-announce -a $USER # for outage announcements
linerva@mit.edu (not IS&T) for questions and bug reports

Last login: Mon Mar 4 12:53:23 2013 from ella.csail.mit.edu
rlm@dr-wily:~$ exit
logout
Connection to linerva.mit.edu closed.
#+end_example

Now, when I type =C-h l=, I can see this:

#+begin_example
s s h SPC r l m @ l i n e r v a . m i t . e d u <return>
s u p 3 r - s e e k r i t # 7 <return> e x i t C-h l
#+end_example

Needless to say, this can be a security vulnerability: anyone who can
run =C-h l= in your emacs session can read the password in clear text.

* Solutions to this problem

- If you never type your password into an emacs terminal buffer, then
  you are not exposed this way. This can be accomplished by using ssh
  keyfiles or Kerberos for connecting to remote servers, and by
  enabling passwordless sudo.

- You can disable emacs's keystroke recording, though you then won't
  be able to use the =view-lossage= command anymore.

- If there's no way for an attacker to get into your emacs process,
  then your passwords are safe. Still, you run the risk of someone
  physically near your computer using this method to view your
  password, as well as inadvertently exposing your password when
  showing someone what =view-lossage= does!
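A middle ground between the first two bullets, as an added example that is not part of the original article: a small command for =term= / =multi-term= buffers that reads the password without echo, sends it to the process, and then discards the recent-keys record that =view-lossage= displays, so =C-h l= keeps working for everything else. The function name and the =C-c M-p= binding are my own choices; the rest uses functions that ship with emacs.

```elisp
;; Added example (not from the original article): send a password to a
;; term/multi-term buffer without leaving it in the C-h l keystroke record.
;; The function name and the key binding (C-c M-p) are assumptions.
(require 'term)

(defun my/term-send-password ()
  "Read a password without echo, send it to the terminal, then clear lossage.
Intended for ssh and sudo prompts in a `term' or `multi-term' buffer."
  (interactive)
  (unless (and (derived-mode-p 'term-mode)
               (term-check-proc (current-buffer)))
    (user-error "Not in a live term buffer"))
  (let ((password (read-passwd "Password (not echoed): ")))
    (unwind-protect
        (progn
          ;; term-send-raw-string writes straight to the process, so the
          ;; characters never go through the buffer's keymap or the
          ;; command loop that feeds view-lossage.
          (term-send-raw-string password)
          (term-send-raw-string "\n"))
      ;; Overwrite the Lisp string so the secret is not left in memory
      ;; longer than needed (best effort: read-passwd may have made copies).
      (clear-string password)
      ;; Discard the recent-keys record view-lossage shows.  With a nil
      ;; KEEP-RECORD argument the whole record is wiped, so anything the
      ;; password prompt itself recorded is gone too.
      (clear-this-command-keys))))

;; multi-term leaves the buffer in char mode, where term-raw-map is active.
(define-key term-raw-map (kbd "C-c M-p") #'my/term-send-password)
```

The price is that earlier keystrokes in the record are dropped as well, since emacs keeps a single record; =term.el='s own =term-send-invisible= also reads without echo, the extra step here is clearing the record afterwards.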

* Source Listing
#+html: <ul> <li> <a href="../org/emacs-password.org">This org file</a> </li> </ul>